• Plan, design, build, and execute JFrog’s security engineering operations, working in an agile environment.
• Identify emerging cybersecurity threats, misconfigurations, and vulnerabilities by conducting continuous monitoring and log analysis related to JFrog Cloud.
• Perform incident triage and handling by determining scope, urgency, and potential impact, identifying specific vulnerabilities, recommending actions for swift remediation, and conducting post-incident reviews to identify lessons learned and areas for improvement.
• Partner with the engineering teams in the company to drive the security mission across the organization.
• Develop, implement, and manage DevSecOps-focused incident response plans, playbooks, standard operating procedures, and security tools and technologies.
• Provide on-call security support as needed.

Required Qualifications:

• 5+ years of industry experience in security with solid knowledge of cloud security principles and practices.
• Hands-on experience with cloud (AWS/GCP/Azure) preferably with containerized and kubernetes environments.
• Proficiency with cloud security platforms such as CSPM, DSPM, SSPM, and CNAP.
• Hands-on experience with SIEM tools and developing SOAR playbooks.
• Strong understanding and application of the principle of least privilege; experience with workload identity is a plus.
• Experience with vulnerability management and threat detection platforms.
• Proficiency in at least one scripting language (Python, PowerShell, Bash).
• Experience with Endpoint Detection and Response (EDR) solutions.

Preferred Qualifications:

• Familiarity with DevSecOps principles such as CI/CD or Infrastructure as Code (IaC) is advantageous.
• Knowledge of workload/runtime protection is a significant advantage.

NA